Wednesday, August 10, 2011

ADAMSync Aging

In this post I will describe aging with ADAMSync. If you configure ADAMSync to replicate your Active Directory information to an LDS instance without aging, data deleted from Active Directory will never be removed from LDS. For example, if you delete a user object from your Active Directory database, this object will not be deleted from the LDS instance when you run the next sync.

- If it's set to "0", aging will be skipped, and AdamSync will return the following information:

  a. Aging is skipped.
  b. The number of times since the last sync.

- If it's larger than "0", the system will compare its value with the number of times since the last sync:

  a. If its value is larger than the number of times since the last sync, aging will be skipped, and the number of times since the last sync will be increased by 1.
  b. If its value is not larger than the number of times since the last sync, the aging procedure will be called and the number of times since the last sync will be reset.

Examples:

- If the value is set to 0, aging will not be used.
- If the value is set to 1, aging will be called each time during the sync.
- If it's set to 2, aging will be called every two syncs.

num-objects

num-objects is the number of objects that need to be aged per run. If you make this 0, it will always age all objects against Active Directory. If you make this 50, it will only age 50. When you perform the next sync, it will age the next 50. Don't worry, all objects will eventually be aged; how long that takes depends on how often you schedule adamsync.exe to run!
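The following is an added example, not ADAMSync code and not part of the original post: a small Python model of the two rules above that shows how many sync runs a deleted AD account can linger in LDS for a given pair of settings. Assumptions: the first setting is called `frequency` here (the post does not name it), the counter starts at and resets to 1 (the value that reproduces the post's examples), and batches of num-objects walk the LDS objects in order.

```python
import math

class AgingModel:
    """Toy model of the aging rules in this post; not ADAMSync's own code."""

    def __init__(self, frequency, num_objects, lds_objects):
        self.frequency = frequency      # assumed name for the first setting
        self.num_objects = num_objects  # 0 means "age every object"
        self.lds = list(lds_objects)
        # Assumption: the counter starts at (and resets to) 1, the value
        # that reproduces the post's examples (1 = aging on every sync).
        self.since_last = 1
        self.cursor = 0                 # assumed: batches walk LDS in order

    def sync(self, ad_objects):
        """Run one sync and return the LDS objects that aging removed."""
        if self.frequency == 0:
            return []                   # aging disabled
        if self.frequency > self.since_last:
            self.since_last += 1        # aging skipped on this run
            return []
        self.since_last = 1
        size = self.num_objects or len(self.lds)
        batch = self.lds[self.cursor:self.cursor + size]
        removed = [o for o in batch if o not in ad_objects]
        self.lds = [o for o in self.lds if o not in removed]
        self.cursor += len(batch) - len(removed)
        if self.cursor >= len(self.lds):
            self.cursor = 0             # wrap around for the next pass
        return removed

def syncs_until_removed(frequency, num_objects, total=200,
                        deleted="user150", limit=1000):
    """Number of sync runs before a deleted AD object leaves LDS, or None."""
    names = [f"user{i}" for i in range(total)]   # constructed sample data
    ad = set(names) - {deleted}                  # object deleted from AD
    model = AgingModel(frequency, num_objects, names)
    for run in range(1, limit + 1):
        if deleted in model.sync(ad):
            return run
    return None

def worst_case_syncs(frequency, num_objects, total):
    """Runs needed, from a fresh start, to check every LDS object once."""
    if frequency == 0:
        return None                     # stale objects are never removed
    passes = 1 if num_objects == 0 else math.ceil(total / num_objects)
    return frequency * passes
```

In this model, 200 LDS objects with the value 2 and num-objects 50 need up to 8 sync runs before a deleted account is removed, so the schedule of adamsync.exe multiplied by that figure is the window in which a deprovisioned account can still exist in LDS.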

Why was Aging developed?

Please read this fantastic article by Eric Fleischman which explains why Aging was developed by Microsoft in ADAMSync.

Thank you to James Li from the Directory Services Support Team at Microsoft for looking at the source code of ADAMSync.exe and explaining how the code works! This information was published with written permission from Microsoft via email.

7 comments:

Thanks for the article...I've got a pretty straightforward scenario, on forest & domain. My LDS instance gets populated by membership in a USG, and works great. New members are added to LDS by doing a /fs style sync from AD to LDS. I've got aging set at 1, num objects is at 0, and I see aging statements in the log.

Problem is, I can't get stale accounts out of LDS. I can try to remove the user from the USG or disable the user, or move the user to another OU, but it remains in its original location. Any ideas for what I'm missing?